TWC: Small: Collaborative: Towards Agile and Privacy-Preserving Cloud Computing

TWC：小型：协作：迈向敏捷和隐私保护的云计算

• 批准号: 1634441
• 负责人: Ravinderpal Sandhu
• 金额: $ 24.87万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-08-10 至 2019-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1634441&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Towards; Agile

Cloud computing offers many benefits to users, including increased availability and flexibility of resources, and efficiency of equipment. However, privacy concerns are becoming a major barrier to users transitioning to cloud computing. The privilege design of existing cloud platforms creates great challenges in ensuring the trustworthiness of cloud by granting too much power to the cloud administrators, who could launch serious insider attacks by abusing the administrative privileges.This project uses a well-understood philosophy, separation-of-privilege, in the architectural design of a cloud platform. The architectural design and the strong homomorphic cryptographic approach protect data privacy in cloud environments from different angles. This project develops an innovative privacy-driven architectural design, with one focus on the privilege-level design of each software component of a cloud platform, and another on defending insider attacks. This project investigates new mechanisms to de-privilege the cloud administrator and enable more fine grained access control among the software components of a cloud platform. More specifically, the new mechanisms enable agile configuration of the platform; user-configurable privacy protection; and strong isolation in the user space. The techniques developed under this project are immensely important as users place more of their data into the cloud and rely upon cloud providers to keep that data private.

云计算为用户提供了许多好处，包括提高资源的可用性和灵活性以及设备的效率。然而，隐私问题正在成为用户过渡到云计算的主要障碍。现有云平台的权限设计给云管理员提供了过多的权限，使得云的可信性面临很大的挑战。云管理员滥用权限可能会发起严重的内部攻击。本项目在云平台的架构设计中采用了一种广为人知的理念--权限分离。架构设计和强同态加密方法从不同角度保护云环境中的数据隐私。该项目开发了一种创新的隐私驱动架构设计，其中一个重点是云平台每个软件组件的安全级别设计，另一个重点是防御内部攻击。该项目研究了新的机制来解除云管理员的特权，并在云平台的软件组件之间实现更细粒度的访问控制。更具体地说，新机制支持平台的敏捷配置;用户可配置的隐私保护;以及用户空间的强大隔离。 在这个项目下开发的技术非常重要，因为用户将更多的数据放在云中，并依赖云提供商来保持数据的私密性。